package com.example.managerment.config;

import com.example.managerment.aop.UserAuthenticationEntryPoint;
import com.example.managerment.aop.UserLoginFailureHandler;
import com.example.managerment.aop.UserLoginSuccessHandler;
import com.example.managerment.aop.UserLogoutSuccessHandler;

import com.example.managerment.filter.UriFilter;
import com.example.managerment.filter.VerificationCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsUtils;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserLoginSuccessHandler userLoginSuccessHandler;
    @Autowired
    private VerificationCodeFilter verificationCodeFilter;


    @Autowired
    private UserAuthenticationEntryPoint userAuthenticationEntryPoint;
    @Autowired
    private UserLoginFailureHandler userLoginFailureHandler;
    @Autowired
    private UserLogoutSuccessHandler userLogoutSuccessHandler;
    @Autowired
    private UriFilter uriFilter;


    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(password());
    }


    @Bean
    PasswordEncoder password(){
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
                .and().csrf().disable();


        http.authorizeRequests()//允许前端跨域联调的一个必要配置
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .antMatchers("/login") //过滤请求路径
                .permitAll()//允许通过login
                .antMatchers("/syslogin/**")
                .permitAll()
                .antMatchers("/manageAccount/**").hasRole("admin")
                .anyRequest().authenticated()//其它请求需要身份认证
                .and()
                .formLogin()
                .successHandler(userLoginSuccessHandler)
                .failureHandler(userLoginFailureHandler)
                .and()
                .exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPoint)
                .and().logout().permitAll() //放行logout
                .logoutSuccessHandler(userLogoutSuccessHandler);
        http.addFilterBefore(uriFilter,UsernamePasswordAuthenticationFilter.class);
        http.addFilterBefore(verificationCodeFilter, UsernamePasswordAuthenticationFilter.class);


    }
}
